Stored Cross-Site Scripting Vulnerability in VMware Aria Operations for Logs
CVE-2025-22219

9CRITICAL

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations For Logs
Vendor: CVE Published:; 30 January 2025

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-22219?

VMware Aria Operations for Logs is susceptible to a stored cross-site scripting flaw that allows an attacker with non-administrative privileges to inject malicious scripts. This vulnerability can lead to unauthorized operations being executed as an admin user, compromising system security and the integrity of sensitive data. It highlights the necessity of rigorous input validation and user privilege management to prevent exploitation.

Affected Version(s)

VMware Aria Operations for Logs any 8.x < 8.18.3

News Articles

The Register

CVE-2025-22219 CVE-2025-22221

VMware plugs credential-leaking bugs in Cloud Foundation

Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to...

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jan 30, 2025
📰
First article discovered by The Register
Jan 30, 2025
Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 2, 2025

Vmware

Badges

What is CVE-2025-22219?

Affected Version(s)

News Articles

VMware plugs credential-leaking bugs in Cloud Foundation

References

CVSS V3.1

Timeline